I found a fun meme on Facebook about passwords. Passwords. What??? When I was a lad, we didn’t have passwords and usernames. What has the world become?
Well, it’s become a world of people who are dumb and stupid and create passwords that are ridiculous and easily hackable. For example, the world’s most popular passwords are 123456, 12345678, 123456789, password, qwerty, 111111, 123123, root, 654321, and Pass@123. Equally, as Michael McIntyre the UK comedian points out, it’s pretty easy to hack passwords as they ask for a number and special character.
Anyways, my fun group on Facebook came up with some great answers when asked what their passwords might be, such as:
- SnowWhiteandtheSevenDwarfs … they said 8 characters were needed
- Mine was Chicken but it said I needed a capital ... so it’s now ChickenKiev
- I tried “MyWilly” but they said it was too short!
- My password is ‘incorrect’, so that the system reminds me when I forget it
- My password is the last four digits of pi
- I just chose “Letmein”
... and there are many more. All of these made me smile, but it brings me back to my core theme of the moment: security, identity, authentication, verification, access and trust.
These themes have been running through my mind for a while but came to a head as the network is no longer to be trusted. When a thousand celebrities claim their identities are being stolen through deep fakes, the network cannot be trusted. When you find romance online and then find that your partner is a fake, the network cannot be trusted. When you believe you are sending money to a trusted contact in business and they fail to deliver, the network cannot be trusted. The list goes on, and it raises the question: why do we trust the network?
There are so many threats emerging on the network to take your money – some direct (romance scams) and some indirect (fake websites) – that it makes you wonder why we rely so much on the network. Equally, because of so many scams, we face increasing barriers to entry to our financial providers. Increasing KYC (Know Your Customer) requirements, increasing proof of identity, increasing requirements for passwords, biometrics, confirmations and verifications.
The whole thing seems pretty messed up.
So, what’s the solution?
Well no one seems to know. There are 100s trying, but few solving. It almost makes me feel secretive of sharing what the solution could be but, in the spirit of my thinking, the solution will be that we ditch usernames and passwords, passkeys, OTPs and all other forms of access … and we create a whole new way of thinking using biometrics.
I said this twenty years ago, and still believe it today. The reason is that biometric identification is simple, easy and safe. Sure, it could be hacked or cracked – while you’re sleeping, someone scans your face – but it is also becoming more and more sophisticated and secure.
A good example is Alipay launched Pay by Face seven years ago, and it makes everything easy.
But is it safe? Yes! The face recognition payment system is considered safe because it uses multiple security measures including encryption, biometric verification, and real-time monitoring. So, why isn’t Pay by Face everywhere? The answer is that people are worried about privacy. A bit like putting chips in your body, having your biometrics recorded by institutions and governments creates worries about privacy. If institutions and governments can track and trace your every movement 24*7, how can you ensure you have privacy?
It is this balance between privacy and security that is the key. If you want security, then you want your bank and financial activities to be bulletproof secure; but if you want privacy, you don’t want your government and institutions to track and trace your every movement.
This means that yes, there are solutions. We can get rid of usernames and passwords, and we can use biometrics and geolocation to provide safety and security. The thing is that if we deploy those solutions, it has to be under the customer’s control.
Chris M Skinner
Chris Skinner is best known as an independent commentator on the financial markets through his blog, TheFinanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal's Financial News. To learn more click here...